Announcing the Exchange ActiveSync Logo Program

This is great!  Let's hope Windows Phone 7 can get certified!  ;)

(Seriously though - This is a welcome program)

err – I misread; it *is* certified.  Let’s see then if we can implement a higher tier indicating *all* features have been implemented.

Thank you for this! I can't tell you how many users of Android phones have "Exchange Support" but never really worked with Exchange 2010!

I definitely welcome this program! I can't stand how many phone makers claim ActiveSync support and yet they can't seem to follow any consistency.

How can iOS devices be compliant with the EAS specification when they have a bug that allows them to hijack meeting originators?

So a vendor must choose to submit their device for qualification?  There's nothing to prevent them from saying they do Activesync and choose not to implement the logo is there?.  Is the reverse then true as well... might a vendor be fully logo compliant but not join (or be slow about it) the program?

Like Mike said, some of us would like to see a second tier of certification that implements most if not all of the ActiveSync security policy capabilities. So maybe a Exchange ActiveSync+ Logo as well?

The reason we would like to see this is there are short comings to the Windows Phone 7 and even the iPhone 4 implementations of the ActiveSync policy settings. It's tough to push back against iPhone users now with this logo is out there, but for example our security folks believe we need full device encryption (including storage card) which Windows Phone 7 and iPhone 4 do not support.

At last!! But as another comment said - how will this be verified?

I would really like to see encryption at rest and syncing replie and forward status as requirements.  We should be striving for better security and a more rich end user expirance.  these two features were available in windows mobile 6.5.x, everything since then has been lacking in EAS support really.

What I'd like to see is what phone OS support CAS redirection in a coexistence scenario.  This is a serious pain point when doing an exchange migration to 2010.  As it stands now, I believe only MS mobile phones can connect to a 2007/2003 mailbox via a 2010 CAS server.    

And that list must be met for a companies BASE level of functionality to be certified correct?

Cause...

Q - Does RIM get this?

My A - Never

Cause until BIS = the list above RIM = no cert.

Otherwise I see this program getting abused and the meaning lost quickly of the certification

@Colin: Research In Motion, the company that provides BlackBerry Internet Service (BIS), is not an Exchange ActiveSync licensee and doesn't use EAS for BIS.

@Hotfix and Mike Crowley: As the post states, the program establish a "baseline for EAS functionality in mobile email devices".  Over time, additional features and management policies will be added as minimum requirements.

I think the logo should only be given to manufacturers who can implement ALL policy options available via an ActiveSync policy.

Corporates want an easy way to identify devices that are suitable for a corporate environment; for example, Apple devices and iOS 4+ are not really suitable for secure corporate environments. They only support a sub-set of policy options and can be Jailbroken too easily which then allows the by-passing of said policies.

It is difficult for IT departments to prove certain devices are not corporate-ready when the Managers and higher-ups want the latest "gadget", if Microsoft do not attach the ActiveSync logo to these devices, it becomes easier for the IT teams to refuse their use.

Interesting writing! Are there any predictions that you maybe willing to divulge in order to illustrate your second section a bit more? cheers

Is it possible to make phone search on GAL using Active Sync? If not do you have any plan to implement this functionality?

HotFix: iPhone 3GS and iPhone 4 supports full device encryption (obviously not storage card). See:

developer.apple.com/.../ios

JRVA: iPhone implements CAS redirection I believe. I have not tested a scenario like yours, but I tested going from 2007 to 2010 where I had different CAS servers. The iPhone connected to the 2007 CAS, received a status 451 (in the FolderSync response) with

the new fqdn. Switched over without a problem. Android however - no go...

That being said I think this is a good idea. The problem as it is now regarding security policies is that Exchange Server only does a polite request for devices to implement the policies. When the device reports back that policies are implemented that's

not a guarantee that it will have actually implemented this. I have created a test utility for use on the desktop that will happily bypass all policies and report itself as fully compliant.

Good knows, it´s a mess know with all different clients on Androids like Moxier/SonyEricsson X10 that doesn´t support Exchange 2010.

This is great news

Although Windows Phones are "certified", encryption is lacking for these devices. It has to be embarrasing for MS to say that while Exchange can do encryption policies, their devices cannot support this. Many companies have opted to exclude Windows phones and Droids simply for this reason, opening the market for BES and iPhones.

Let's get this fixed guys...

@Andreas -  I said "we need full device encryption (including storage card) which Windows Phone 7 and iPhone 4 do not support." so I am aware iPhone for supports device encryption, but it's not >full< device encryption if it doesn't include the storage card.

Until the certification includes on device encryption I really don't see the point. It seems convenient that Windows Phone 7 devices support all of the policies above but not the on device encrpytion one. We're in a bizarre world where the only current device with native support for encryption is an Apple product,

Hotfix: I am not aware of any iPhone models that support storage cards in general. So I don't see what good a policy for storage card encryption would do.

If Windows Phone 7 supported device encryption I'm sure it would have been on the requirements list :)

So, as it stands the iPhone is a really nice device when it comes to Exchange compliancy. (On a side note Samsung's Gingerbread ROM for the Galaxy S/SII also supports device encryption and pretty much all policies from Exchange 2010.)

Does Windows Phone 7 support Text Messaging from Outlook 2010 / OWA when sync'ing with ActiveSync like Windows Phone 6.5 does?

Refer: social.technet.microsoft.com/.../d5dc826f-0216-4efa-a82d-44338ef095b9

@Andreas - you are missing the point. Security folks want to see a device supports ALL of the flags in a security policy, not just some. The storage card encryption is just an example of one setting in this list of deficiencies for various devices:

en.wikipedia.org/.../Comparison_of_Exchange_ActiveSync_Clients

It really doesn't matter if you or I think the iPhone (or any phone) "is a really nice device when it comes to Exchange compliancy", there are the security people some of us have to answer to that wouldn't agree with you. Right or wrong, it's a reality some of us have to deal with.

Also it's irrelevant to me if the device today has an additional storage card or not, as there is always the next generation that could. Building support for the policy now, especially if it won't hurt anything, should be the direction everyone is heading in so that future models are already in line.

And I don't know if this would be considered a "storage card", but there is at least one unique external extension to the iPhone's storage capacity:

http://www.airstash.com/

In an effort to not bicker with you over details of a single specific detail like which model has an internal storage card, my intent has been focused on the original point that Mike Crowley raised which is that some of us are going to have to deal with security folks who want to know that they can flip every bit and not have devices ignore them. Also those same security folks really like the "block non-provisional devices" setting which has caused issues for some us trying to support devices with partial implementations of ActiveSync. A second tier logo that ensured those settings are accounted for would give all us a serious piece of mind and a bar for everyone to raise to.

This is an encouraging step forward.  More standards will help to ensure a consistent experience for EAS users while enabling administrators to better control what devices are allowed into the enterprise.

@HotFix It's ok to be wrong... everyone makes mistakes.